ldap_map.pp
#
# Define a LDAP map
#
# Parameters:
# - search_base: dn for search base. This parameter is required!
# - server_host: Must either be hostname or a valid LDAP URL.
# All LDAP URLs accepted by the OpenLDAP library are
# supported, including connections over UNIX domain
# sockets, and LDAP SSL (the last one provided that
# OpenLDAP was compiled with support for SSL)
# (Default: localhost)
# - server_port Port of the service (Default: 389).
# - scope: depth of search: sub|base|one (Default: sub)
# - query_filter: Search filter expression (Default: '(mail=%s)').
# - result_attribute: Attribute to be used as return value (Default: 'uid').
# - ldap_version LDAP protocol version (Default: 3).
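# - start_tls Whether to issue STARTTLS on the LDAP connection. Must be
# true or false (Default: true). With false, the connection
# (including any bind credentials) is only encrypted if
# server_host is an ldaps:// URL.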
# - tls_require_cert Whether to require a valid certificate to be returned by
# the TLS protocol. Will not be set if start_tls is set to
# false (Default: true).
# - tls_ca_cert_file Path to the TLS CA certificate file. Will not be set if
# start_tls is set to false.
# - bind Whether to bind prior to searching for entry. Must be
# true or false (Default: false).
# - bind_dn DN to bind to. Will not be set if bind is false.
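# - bind_pw Password to bind with. Will not be set if bind is false.
# It is passed to the template that renders
# /etc/postfix/${name}.cf, so treat that file as a secret.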
#
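define postfix::ldap_map (
  $search_base,
  $server_host      = 'localhost',
  $server_port      = '389',
  $scope            = 'sub',
  $ldap_version     = '3',
  $start_tls        = true,
  $tls_require_cert = true,
  $tls_ca_cert_file = undef,
  $query_filter     = '(mail=%s)',
  $result_attribute = 'uid',
  $bind             = false,
  $bind_dn          = undef,
  $bind_pw          = undef,
) {
  include postfix::ldap

  # Only the three LDAP search scopes are accepted; anything else aborts
  # catalog compilation. The list is joined explicitly so the error message
  # reads the same regardless of how the Puppet version interpolates arrays.
  $valid_scope_names = ['sub', 'base', 'one']
  if !member($valid_scope_names, $scope) {
    $valid_scope_list = join($valid_scope_names, ', ')
    fail("the scope must be one of ${valid_scope_list}")
  }

  # The boolean switches must be real booleans, not strings such as 'false'.
  validate_bool($bind)
  validate_bool($start_tls)
  validate_bool($tls_require_cert)

  $map_name = $name

  #
  # template uses:
  #   map_name
  #   server_host
  #   server_port
  #   ldap_version
  #   start_tls
  #   search_base
  #   query_filter
  #   scope
  #   result_attribute
  #   tls_ca_cert_file
  #   tls_require_cert
  #   bind
  #   bind_dn
  #   bind_pw
  #

  # When bind is enabled the rendered map carries bind_dn/bind_pw, so it must
  # not be world-readable. It still has to be readable by the Postfix daemons,
  # hence group read instead of root-only.
  # NOTE(review): 'postfix' is the conventional group of the Postfix mail_owner;
  # confirm it matches the group used on the managed hosts.
  # NOTE(review): Puppet can also echo the rendered content in file diffs and
  # reports; consider `show_diff => false` on this resource where the Puppet
  # version in use supports it.
  if $bind {
    $map_file_group = 'postfix'
    $map_file_mode  = '0640'
  } else {
    $map_file_group = 'root'
    $map_file_mode  = '0644'
  }

  file { "/etc/postfix/${name}.cf":
    ensure  => file,
    owner   => 'root',
    group   => $map_file_group,
    mode    => $map_file_mode,
    content => template("${module_name}/ldap_map.cf.erb"),
  }
}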